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Abstract 



(N ■ In this paper the number of isomorphism classes of Legendre elliptic curves 

^ ■ over finite fields is enumerated. 
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§ ■ 1 Introduction 



A projective curve is a projective variety of dimension 1. Let K be an arbitrary field, 
an elliptic curve E over K is an absolutely irreducible smooth projective curve of 



genus 1 defined over K with a specified base point O. The elliptic curve cryptosystem 



was proposed by Koblitz [3] and by Miller |5j which relies on the difficulty of discrete 
logarithmic problem on the group of rational points on an elliptic curve. 

In order to study the elliptic curve cryptosystem, one need first to answer how 
many curves there are up to isomorphism, because two isomorphic elliptic curves 
are the same in the point of cryptographic view. So it is natural to count the 
isomorphism classes of some kinds of elliptic curves. Some formulae about counting 
the number of the isomorphism classes of general elliptic curves over a finite field 
can be found in literatures. For example, Schoof present the number of isomorphism 
classes of elliptic curves over the finite field ¥ q in [TJ, Menezes present the number 
of isomorphism classes of elliptic curves of the forms y 2 = x 3 + ax + b over the finite 
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field W q in [3], and Rezaeian Farashahi and Shparlinski [6] gave the exact formula 
for the number of distinct elliptic curves over a finite field (up to isomorphism over 
the algebraic closure of the ground field) in the family of Edwards curves. 

In this paper the number of isomorphism classes of Legendre elliptic curves over 
the finite field ¥ q is enumerated. 

2 Background 

It is well-known that every elliptic curve E over a field K can be written as a 
Weierstrass equation 

E : Y 2 + a x XY + a 3 Y = X 3 + a 2 X 2 + a 4 X + a 6 

with coefficients a\, a 2 , 0,3, a 4 , a 6 G K. The discriminant A{E) and the j-invariant 
j{E) of E are defined as 

A(E) = -b% - 8b 3 - 276 2 + 9b 2 b 4 b e 

and 

j(E) = (bl-2Ahf/A(E), 

where 

b 2 = a\ + 4a 2 , 
64 = 2a 4 + aids, 
b% = a| + 4a 6 , 

&8 = «ia6 — 010304 + 4a 2 ae + 0203 — at- 

Two projective varieties V\ and V2 are isomorphic if there exist morphisms <fi : 
V\ V2 and (p : V 2 — > Vi, such that o and o are the identity maps on V\ and 
V2 respectively. Two elliptic curves are said to be isomorphic if they are isomorphic 
as projective varieties. Let 

E 1 : Y 2 + a x XY + a 3 Y = X 3 + a 2 X 2 + a 4 X + a 6 

and 

E 2 : Y 2 + a[XY + a' 3 Y = X 3 + a' 2 X 2 + a' 4 X + a 6 

be two elliptic curves defined over K. It is known j8] that E\ and E 2 are isomorphic 
over K, or E\ is i^-isomorphic to E 2 , if and only if j{E%) = j{E 2 ), where K is the 
algebraic closure of K. However (see [8]), Let L be an extension of K, then E\ and 
E 2 are isomorphic over L if and only if there exist u,r,s,t G L and u^O such that 
the change of variables 

(X, Y) -> (m 2 X + r, w 3 y + m 2 sX + t) 
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maps the equation of E\ to the equation of E 2 . Therefore, E\ and E% are isomorphic 
over L if and only if there exists u,r, s,t £ L and n^O such that 

ua\ = ai + 2s, 

u 2 a 2 = a 2 — sd\ + 3r — s 2 , 

< u 3 a' 3 = a 3 + rai + 2£, 

ti 4 a 4 = a 4 — sa 3 + 2ra2 — (t + rs)ai + 3r 2 — 2st, 

u 6 a 6 = a 6 + ra 4 + r 2 a2 + r 3 — ta 3 — t 2 — rta\. 



For the simplified Weierstrass equations where ai = a 3 = a' x = a 3 = 0, then £1 is 
L- isomorphic to E2 if and only if there exist u, r £ L and u^O such that 

u 2 a 2 = &2 + 3r, 

M 4 a 4 = a 4 + 2ra 2 + 3r 2 , (2.1) 
M 6 a 6 = a 6 + ra 4 + r 2 a 2 + r 3 . 

The reader is referred to [S] for more results on the isomorphism of elliptic curves. 

Definition 2.1. The Legendre elliptic curve is one whose Weierstrass equation can 
be written as 

E\\ y 2 = x(x — l)(x — A). 

It is clear that the Legendre elliptic curve E\ is nonsingular for A 7^ 0,1. The 
points O, (0,0), (1,0), and (A, 0) are all the 2-division points, that is, the points 

whose double are O's. The j-invariant of E\ is j(E\) = % 8 ^x 2 ^\-i) 2 • 



3 Enumeration for Legendre curves 

It is well known [8] that two Legendre curves E\ : y 2 = x(x — l)(x — A) and 
Efj, : y 2 = x{x — l)(x — /x) are isomorphic over ¥ q if and only if they have the same 
j-invariant, or 

r, 1 1 , 1 a A-n 
^ g \ a 'a' 1 - a 'i3a'a^i— /• 

Therefore, the map A j(L x ) is exactly six-to-one unless when A £ {— 1,2, |}, 
the map is three-to-one, or when A 2 — A + 1 = 0, the map is two-to-one. Note 
that A 2 — A + 1 = has a root in ¥ q if and only if F* has an element of order 3, 
which is equivalent to q = 1 or 7 (mod 12). Therefore, we have that the number 
of Fq-isomorphism classes of Legendre elliptic curves is 9 ~ 2 ~ 3 ~ 2 + 1 + 1 = when 

q = 1, 7 (mod 12), and is ^z^l + 1 = 2±1 w h en q = 5, 11 (mod 12) (see pQ). 

In the following, the number of F^-isomorphism classes of Legendre elliptic curves 
will be counted. 
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Lemma 3.1. Let L a ^ : y 2 = x(x — a)(x — b) and Ld, e '■ y 2 = x(x — d)(x — e) be two 
elliptic curves defined over ¥ q , where ab(a — b) ^ and de(d — e) 7^ 0. Then L a ^ 
and L^ e are ¥ q -isomorphic if and only if there exists u G F* such that the set {d, e} 

ts equal to one of ^} and{^,^|}. 

Proof. From Equation (12. ip . we know that L a ^ and L^ e are ¥ q - isomorphic if and 
only if there exist u, r G ¥ q and u^O such that 

= -(a + b) + 3r, 
= a& - 2r(a + 6) + 3r 2 , 
= ra6 — r 2 (a + 6) + r 3 . 

Thus r = or r = a or r = b. Therefore, L a> b and Ld >e are F g -isomorphic if and only 
if there exists u G F* such that 

(d + e)w 2 = a + b, j (d + e)w 2 = b - 2a, J (d + e)u 2 = a - 26, 




dew 4 = ab, | deu 4 = a 2 — ab, ° r 1 dew 4 = b 2 — ab. 

Solving these 3 equations, we get that the set {d, e} is {-%, A}, or {^,^1 or 
{^}- " " □ 

Corollary 3.2. Let E\ : y 2 = x(x — l)(x — A) and : y 2 = x(x — l)(x — u) be 
two Legendre elliptic curves defined over¥ q . Then E\ and are ¥ q -isomorphic if 
and only if there exists u G F* such that the set {1,«} is equal to one of {^,^}, 

{4,^} and {±4, 4}- 

Now let E x : y 2 = x(x — l)(x — A) be a Legendre elliptic curve with A(A — 
1) 7^ 0. We want to determine how many Legendre elliptic curves which are ¥ q - 
isomorphic to E\. Let E^ be one of them. Then j(E^) = j(E\). Thus « G 
{A, 1 — A, j-, ^4, yz^, tzj}- ^ or ^ ne different choices of «, Table 1 gives what the w 2 
and what the set {1,«} can be compared with the result in Corollary 13.21 

Throughout the paper, the characteristic of the finite field ¥ q is assumed to be 
greater than 3. We distinguish the enumeration into the following two cases. 

Case 1: q = 3 (mod 4) 

In this case, —1 is not a square in ¥ q . When j(E\) = 0, then A 2 — A + 1 = 0. 
The equation A 2 — A + 1 = has roots in ¥ q if and only if q = 7 (mod 12). The roots 

are E\ = and £2 = "4r^- By Corollary I3.2[ it is easy to check that E £1 is not 
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Fg-isomorphic to E £2 . When j(E x ) = 1728, we have A G {-1,2, |}. Since {1,2} = 

{ 1 ~v~ 1 ) ; ~ ( -~ 1 - > }, E-x is ¥ q - isomorphic to E 2 . Furthermore, we know that exactly one 
of —2 and 2 is a square. When 2 is a square in ¥ q , then {1, |} = { J^ 2 , ,JL 2 }- When 
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Table 1: What the u 2 and what the set {1,/i} can be 



n = 


u 2 = 


{M} = 


A 


1 


(4 -41 


1 - A 


-1 


i4 ^> 


1 

A 


A 


(_L A) 

L 1A 2 ' li 2 J 


A-1 
A 


-A 




1 

1-A 


A - 1 


{^1 AAl 


A-1 J 


1-A 


^A| 

1 V? ' u 2 J 



—2 is a square in F 9 , then {1, |} = { (^Egp ? ( v ^)2 }• Hence Si is F g -isomorphic to 

E 2 . That means £Li, i?2 and Ei are F g -isomorphic to each other. Now assume that 

j{E\) 7^ 0, 1728, then the 6 possible values of fi are different to each other. But now 
exactly one of 1 and —1, one of A and —A, one of A — 1 and 1 — A is a square in ¥ q . 
So there are exactly 3 values of /i such that E^ is ¥ q - isomorphic to E\. Therefore 
the number of F ? -isomorphism classes of Legendre curves is 

q - 2 - 3 -\ l + 2 = ^, if 5 = 7 (mod 12), 

^|^ + 1 = ^, if 9 =11 (mod 12). 

This proves the following theorem. 

Theorem 3.3. Suppose ¥ q is a finite field with char(¥ q ) > 3 and q = 3 (mod 4). 
Let N q be the number of ¥ q -isomorphism classes of Legendre curves E\ : y 2 = 
x(x — l)(x — A) defined over ¥ q with A(A — 1) 7^ 0. Then 



q + 2 

3 ' 
q-2 



if q = 7 (mod 12), 
if q = 11 (mod 12). 



Case 2: q = 1 (mod 4) 



For the finite field F (/ . the Jaeobi symbol ( - ) is defined as follows for all a E F (/ : 




if a 7^ and a is a square in F ? , 
if a is not a square in ¥ q , 
if a = 0. 



The following lemma can be got easily. 
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Lemma 3.4. Suppose that ¥ q is a finite field with char(¥ q ) > 3 and q = 1 (mod 4). 

Let N(s,t) be the number ofae¥ q with N) = s and (^J = t. Then N(l, 1) = 

N(l, -1) = N(-l, 1) = iV(-l, -1) = 

Now we divide the Legendre elliptic curves E\ : y 2 = x(x — l)(x — A) with 
A 7^ 0,1, into the following 4 disjoint sets ifi, H 2 , H 3 and if 4, where 



Hi = {y 2 = x(x-l)(x-b)\^) = [^ 

H 2 = {y 2 = x(x-l)(x-b)\(^ = l,(±f)=-l 

Hs = {y 2 = x(x-l)(x-6)|(^)=-l,(^)=l} 

# 4 = \y 2 = x(x - l)(x - b)\ ( 



From Lemma E31 we get that = ^ and |if 2 | = \H$\ = \H 4 \ = 

Note that —1 is a square in this case. As in Case 1, j(E\) = if and only 
if A 2 — A + 1 = 0. The equation A 2 — A + 1 = has roots in ¥ q if and only if 

q = 1, 13 (mod 24). The roots are e x = = ( ^V" 1 )' and e 2 = = 

(^-~2~^j = 1 — £ i- Thus _E £l , _E £2 G i?i and by Corollary 13.21 i£ ei is Fg-isomorphic 

to£ £2 since {1,£ 2 } = {(7=T)^ When j(E A ) = 1728, we have A G {-1,2,|}. 

Now 2 is a square if and only if q = 1, 17 (mod 24). So when g = 1, 17 (mod 24), 
E_i,E 2 ,Ex G i^i and they are Fq-isomorphic to each other as in Case 1. When 

q = 5,13 (mod 24), E_i G H 2 , E 2 G H 3 , while i?i G i^4. It can be checked easily 
that E_i and E 2 are F g -isomorphic to each other but Ex is not F 9 - isomorphic to 
them. 

Now let j(E x ) ^ 0, 1728. Then A, 1 - A, ±, the 6 possible values for 

/i, are distinct with each other. If E\ G H x , then all the 6 values 1, —1, A, —A, 1 — A 
and A — 1 are squares in ¥ q . Thus for any jj, G {A, 1 — A, v, jK-, ^y}? is 
Fg-isomorphic to £7a and E^ G Hi. If E\ G H 4 , then J5 M is F g -isomorphism to E\ 
only for // G {A, 1 — A} since only 1 and —1 are squares among the six numbers in 
the second column of Table 1. Now -&l-a G H 4 too. 

If E\ G H 2 , then 1, —1, A and —A are squares while 1 — A and A — 1 are non- 
squares. Thus En is Fq-isomorphic to E\ for /i G {A, 1 — A, jk ^r^}- Note that now 
Hi G H 2 but -Ei_a, E\-i G H 3 . Similarly, if H A G H 3 , then H M is F 9 -isomorphic to 

A A 

E x for (j, G {A, 1 - A, ^j-} and G H 3 but Hi_ A , E_i_ G H 2 . 

Therefore, let N q ^ Hl , N q> H 2 uH 3 , an d -^,#4 be the number of F^-isomorphism 
classes of Legendre elliptic curves E x G Hi, H 2 U H 3 and H 4 respectively. Then 



6 



we have 



< -3-2^/6 + 1 + 1= q + 2S 



N, 



4 

q — 5 
4 

g — 5 
4 

q — 5 
4 



24 



/6 



g — 5 
24 ' 

2 J /6 + 1 = 

3 J /6+1 = 



g + 11 
24 : 

g + 7 
24 ' 



N, 



q,H 2 UH 3 



^l- 2 l /4+1: 



g + 3 



if 5 = 1 (mod 24), 

if q = 5 (mod 24), 

if g = 13 (mod 24), 

if g = 17 (mod 24), 

if q= 1,17 (mod 24), 
if g = 5, 13 (mod 24), 



and 



N, 



q,H 4 



4 J ' 8 



g + 3 



if q= 1,17 (mod 24), 
if g = 5, 13 (mod 24). 



We know from above analysis that the Legendre curves from the 3 distinct sets 
Hi, H 2 UH 3 and H 4 can not be F g -isomorphic to each other. Summing up the above 
numbers, we have the following theorem: 

Theorem 3.5. Suppose W q is a finite field with char(¥ q ) > 3 and q = 1 (mod 4). 
Let N q be the number of ¥ q -isomorphism classes of Legendre curves E\ : y 2 = 
x(x — l)(x — A) defined over ¥ q with A(A — 1) ^ 0. Then 



( 7g+17 
24 ' 
7g+ 13 
24 ' 
7g + 29 
24 ' 
7g + l 
24 ' 



if q = 1 (mod 24), 
if q = 5 (mod 24), 
i/ g = 13 (mod 24), 
z/ g = 17 (mod 24). 



Combining Theorems 13.31 and 13.51 together, we have the following enumeration 
result. 
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Theorem 3.6. Suppose ¥ q is the finite field with q elements and char(¥ q ) > 3. 
Let N q be the number of F ' q -isomorphism classes of Legendre curves E\ : y 2 = 
x(x — l)(x — A) defined over ¥ q with A(A — 1) ^ 0. Then 

1 (mod 24), 
5 (mod 24), 
7,19 (mod 24), 
11,23 (mod 24), 
13 (mod 24), 
17 (mod 24). 
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